Towards Modeling and Transformation of Security Requirements for Service-oriented Architectures

Sven Feja 1, Ralph Herkenhöner 2, Meiko Jensen 3, Andreas Speck 1, Hermann de Meer 2, and Jörg Schwenk 3

1 Computer Science Department, Christian-Albrechts-University of Kiel, Germany {sven.feja
2 Faculty of Informatics and Mathematics, University of Passau, Germany {rhk
3 Horst Görtz Institute for IT-Security, Ruhr University Bochum, Germany {Meiko.Jensen

Abstract. The design of secure network-based systems is a very important aspect of the software development processes. For process design and composition, the emerging model-driven software development approach discloses new challenges. Existing approaches often only focus on their specific view (i.e. business process modeling, security modeling, code generation), neglecting interoperability with and reusability of other approaches. This is a position paper, pointing out the need for combining process and security modeling of distributed services. Such an approach should cover code generation for service-oriented architectures, encapsulation of security modeling for processes, and security and privacy requirement specification.

1 Introduction

For the future Internet, we expect a massive increase in the presence of service networks. Thus, the task of realizing truly interoperable services will increase in complexity. In particular, requirements on reliability and security have to be taken into account. The model-driven software development approach provides an appropriate solution by specifying a service or the business processes behind it. Using an abstract modeling language is much easier than expressing and fulfilling the same requirements directly in common programming languages. Typical approaches to model-driven software development are business process modeling (e.g. BPMN), code generation (e.g. by using UML) and security modeling (e.g. UMLsec).
Apart from modeling and code generation for the pure functionality of a service, which has matured during the last years, the modeling of non-functional requirements still suffers from several teething troubles. In particular, embedding security requirements into a business process model still has some open issues. For that reason, semantic deviations between the business view and the security view of the same service arise. This may lead to unsafe service behaviors or even service failure. Thus, an open issue is ensuring semantic consistency between the different views of a business process and its related services, enabling a secure and reliable development, deployment and usage of such services.

In this paper, we discuss the possibilities of embedding security requirements into business process models, along with a transformation to automatically derive and deploy the appropriate security enforcement mechanisms into the generated process system. Here, Web Services, in particular WS-BPEL-based service composition, provide a well understood approach for deriving services from process models.

2 Concept Overview

Security issues are, as explained above, very important for every developed software solution. But regardless of the chosen kind of software development, there is currently only unsatisfactory support for including these properties from the beginning of the overall software development process [1]. Model-driven software development, which enables the development of model-driven architectures, uses models as first-class artifacts to generate software. But if we assume models to be the starting point of software development, then it should be possible to state security requirements at this level already.

Our concept focuses on model-driven software development as the overall process. Therefore, we intend to extend that process with the possibility to specify security requirements for the underlying (process) models. Figure 1 depicts this extension of the overall process. The left side of Figure 1 shows the modeling and transformation of a process model. The right side gives an overview of the main contribution of our concept: how a security model can be used to extend the model-driven software development process. The three main parts are explained in the following.
Technically, these capabilities have to be delivered by the development environment and development tools used, respectively.

2.1 Security Modeling

The modeling of security properties is based on the given security requirements as described in Section 2.3. To include such properties in models, it is important to have a look at the possible types of models. There are many kinds of models like process models or workflows. Each of them has its own semantic and graphical definition. Therefore, a generic definition of security requirements is useful. This generic security model, which consists of a graphical and a semantical part, has to provide adapters for each type of model. Hence, each adapter defines how a security property is visualized for a concrete type of model. The technique to use generic models as overall definition is a common approach [2] and reduces the effort of defining security properties for each kind of model on its own.

Fig. 1. An overview of the general approach

Besides the application of transformations, one main task of the development tools is the representation of models in general. A closer look at these models discloses that the combination of the predefined model elements and the new security elements is possible. If we assume that a model gets extended with more and more functional and non-functional properties, the complexity of these models, which are rather complex by themselves, grows rapidly. In order to reduce this complexity, a development tool should be able to deliver different views for each stakeholder (see also [3]). A view can show only the important aspects and elements of a model which are intended to be viewed and edited.

2.2 Security Transformations

Apart from the possibility to clearly state the security requirements of a business process, another major purpose of the security modeling approach presented here is the ability to automatically generate appropriate security realization implementations from the model specification. These transformations take the given business process model and security model as input, generating a technical process description that can directly be deployed to an appropriate runtime environment, and already contains appropriate security enforcement techniques like data encryption and digital signature application.

The intended target technology for this approach is the Web Services platform. The major advantage of this technology, especially regarding security, is that it provides a clear separation of concerns. For instance, a business process model can be transformed into an appropriate WS-BPEL process description, which is ready-to-run itself (this actually has already been done, see e.g. [4]), and there is no need to cope with security issues so far.

Once security requirements are stated, they can be expressed using WS-SecurityPolicy documents that describe the security properties required for a Web Service at a technical layer. These security policies can then be linked to the service descriptions (WSDL) of the WS-BPEL process, automatically enabling the contained security assertions at the messaging layer (cmp. [5]). Thus, the security processing can be enabled and disabled by adding or removing a link to the WS-SecurityPolicy document within the service descriptions. The rest is done by the middleware framework.

For the purpose of security model transformation, the obvious transformation output is a set of WS-SecurityPolicy documents, annotating the service descriptions that are involved in the WS-BPEL process description. This output can be generated from the security model by iterating over the given model annotations, determining the involved Web Service endpoints between the security property's start and end elements in the process model, and specifying an appropriate WS-SecurityPolicy for each of them.

Once the full security model transformation is in place and covers all major security properties (e.g. confidentiality, data integrity, access control etc.), the task of enabling a security property for a given business process model can easily be performed by the process designer, the rest being performed by the security modeling tool.

2.3 Security Requirements

In the stage of business process design the security requirements are formulated taking into account known security issues. These requirements are closely related to the functional requirements, and often influenced by legal principles and rules, e.g. for the capital market (like SOX and Basel II) and for privacy and data protection (data protection laws), and satisfy the security demands of the given processes and their regulatory framework.

Commonly, security requirements are elaborated as security properties within policies, regulating the protected processes. These policies may be known publicly, like the WS-SecurityPolicy in Web Services, or may be declared business secrets for internal process management only. Independent of whether a policy is published or not, only a strict enforcement of its constraints enables the intended protection effects. Thus, policy decision and enforcement must be integrated within the security management.

There are several security requirements a business process possibly must be aware of. Well-known elementary requirements are related to integrity, confidentiality, authenticity, and availability. More complex requirements demand access control, non-repudiation and responsibility definitions for automated data processing systems (e.g. required for data protection issues).

In order to handle all these requirements and to ensure their achievement by given security properties, evaluating IT security is a proper instrument (cmp. [6]). A security model already containing all used security properties is a good candidate for becoming a basis of such an evaluation. Thus, integrating the necessary formal argumentation into the security model enables security and data protection audits on the same model used for the software development.

3 Related Work

In this section, we discuss some related approaches, covering model analysis, transformation, and application for service-oriented architectures.

In model-driven software development the new application is defined with models. One possible kind are business models, which describe the desired behavior of the system on a high abstraction level. In [4] this business model is an event-driven process chain (EPC). This EPC is transformed into an executable workflow in BPEL. However, that approach is only an example, for one special kind of model, of which transformation tasks need to be done in order to generate a software application. For other types of models, similar approaches exist to derive a software solution out of models.

The quality of software which is developed with a software development process like the model-driven process depends on the quality of its underlying models. To reduce the complexity of large process models, techniques like Model Checking can be used. But this technique was originally not intended to be used on the abstraction level of process models and workflows. However, that requirement could be achieved with the Temporal Logic Visualization Framework [7]. The framework enables the process modeler to specify functional requirements for process models as graphical rules instead of textual ones.

A well-known approach for modeling of security properties is the UML extension UMLsec. The intended purpose of UMLsec is secure system development, and it allows modeling of common security properties, providing mathematical formalisms for security analyses. Examples for such a security analysis can be found in [8] and in [9].
Moreover, UMLsec is extensible for user-defined properties that are required within rather uncommon contexts (e.g. the responsibility property is required for privacy). Also, it adapts well to the requirements of process modeling. For example, there is an approach using UMLsec for describing security properties related to data protection within the process model of biobanks [10]. However, when it comes to Web Services, the usage of BPMN or EPC process models often is preferred to UML, strengthening the need for a generic security model as described in Section 2.1.

The idea of using a model-driven approach for enabling security properties for the particular target platform of Web Services can also be found in [11], to our knowledge the first approach of this kind. Nevertheless, that approach was limited to a particular process model and did not provide a full evaluation on the topic. Additionally, it did not cover other applications of a security model than code generation, as discussed in Section 2.3.
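
The transformation step outlined in Section 2.2 (iterate over the security annotations, determine the Web Service endpoints between each property's start and end element, emit a policy per endpoint) can be sketched as follows. This is an added example, not code from the paper or its authors: the linear process model, the element and service names, and the mapping of properties to the sp:SignedParts and sp:EncryptedParts assertions are assumptions made for illustration.

```python
"""Added illustration of the Section 2.2 transformation; not the authors' code."""
import xml.etree.ElementTree as ET

WSP = "http://www.w3.org/ns/ws-policy"
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
for _prefix, _uri in (("wsp", WSP), ("sp", SP), ("wsu", WSU)):
    ET.register_namespace(_prefix, _uri)

# Assumed mapping from a modeled security property to the WS-SecurityPolicy
# protection assertion that enforces it on the SOAP body.
ASSERTION_FOR = {"integrity": "SignedParts", "confidentiality": "EncryptedParts"}

# Constructed sample process model: ordered (element id, invoked endpoint).
# Steps without an endpoint are internal and need no message-level policy.
PROCESS = [
    ("receive_order", "OrderService"),
    ("check_stock", None),
    ("charge_card", "PaymentService"),
    ("ship_goods", "ShippingService"),
]

# Constructed sample security model: each annotation spans start..end.
ANNOTATIONS = [
    {"property": "confidentiality", "start": "receive_order", "end": "charge_card"},
    {"property": "integrity", "start": "charge_card", "end": "ship_goods"},
]


def endpoints_in_scope(process, start, end):
    """Return the endpoints invoked between start and end (inclusive)."""
    ids = [element for element, _ in process]
    if start not in ids or end not in ids:
        raise ValueError(f"annotation refers to unknown element: {start}..{end}")
    first, last = ids.index(start), ids.index(end)
    if first > last:
        raise ValueError(f"annotation end '{end}' precedes start '{start}'")
    return [ep for _, ep in process[first:last + 1] if ep is not None]


def derive_requirements(process, annotations):
    """Collect, per endpoint, every property whose scope covers it."""
    required = {}
    for ann in annotations:
        if ann["property"] not in ASSERTION_FOR:
            # Fail closed: never silently drop a property we cannot enforce.
            raise ValueError(f"no transformation for '{ann['property']}'")
        for ep in endpoints_in_scope(process, ann["start"], ann["end"]):
            required.setdefault(ep, set()).add(ann["property"])
    return required


def build_policy(endpoint, properties):
    """Serialize the protection assertions for one endpoint.

    Binding and token assertions (how to sign or encrypt, with which keys)
    are deliberately left out; a deployable policy needs them as well.
    """
    policy = ET.Element(f"{{{WSP}}}Policy",
                        {f"{{{WSU}}}Id": f"{endpoint}SecurityPolicy"})
    alternative = ET.SubElement(ET.SubElement(policy, f"{{{WSP}}}ExactlyOne"),
                                f"{{{WSP}}}All")
    for prop in sorted(properties):
        assertion = ET.SubElement(alternative, f"{{{SP}}}{ASSERTION_FOR[prop]}")
        ET.SubElement(assertion, f"{{{SP}}}Body")
    return ET.tostring(policy, encoding="unicode")


def policy_reference(endpoint):
    """The link placed in the WSDL; removing it disables the policy."""
    ref = ET.Element(f"{{{WSP}}}PolicyReference",
                     {"URI": f"#{endpoint}SecurityPolicy"})
    return ET.tostring(ref, encoding="unicode")


def transform(process, annotations):
    """Security model + process model -> one policy document per endpoint."""
    reqs = derive_requirements(process, annotations)
    return {ep: build_policy(ep, props) for ep, props in reqs.items()}


if __name__ == "__main__":
    for ep, doc in transform(PROCESS, ANNOTATIONS).items():
        print(ep, policy_reference(ep), doc, sep="\n", end="\n\n")
```

PaymentService lies in the scope of both annotations and therefore receives both assertions, while an annotation that names an unknown element or an unsupported property aborts the transformation instead of producing a weaker policy.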

4 Conclusion and Future Work

The presented idea of a general security model that annotates any business process model has several advantages. First, it enables modeling security requirements on a formal basis, helping in specification and verification of security requirements. Second, the ability to generate ready-to-run implementations that automatically stick with the security requirements specified in the model makes it much easier to embed security into a business process system. Finally, the approach enables the use of the security model in formal proofs on security-related properties on generated implementations. Nevertheless, such an approach must be able to exclude unnecessary information, preventing information overload in regard to the different views. Thus, our future work focuses on definition and realization of a generic security model to be used for any kind of process modeling language, which would enable these advantages.

References

[1] Charfi, A., Berbner, R., Mezini, M., Steinmetz, R.: Management Requirements of Web Service Compositions. In: WEWST. (2007)
[2] Melnik, S.: Generic Model Management: Concepts and Algorithms. Springer Berlin Heidelberg (2004)
[3] Lübke, D., Lüecke, T., Schneider, K., Gómez, J.M.: Using event-driven process chains for model-driven development of business applications. International Journal of Business Process Integration and Management (IJBPIM) (2008, to appear)
[4] Stein, S., Kühne, S., Drawehn, J., Feja, S., Rotzoll, W.: Evaluation of OrViA Framework for Model-Driven SOA Implementations: An Industrial Case Study. In: 6th International Conference on Business Process Management. (2008)
[5] Gruschka, N., Luttenberger, N., Herkenhöner, R.: Event-based SOAP Message Validation for WS-SecurityPolicy-enriched Web Services. In: Proceedings of the 2006 International Conference on Semantic Web & Web Services. (2006)
[6] Weiß, S., Weißmann, O., Dressler, F.: A Comprehensive and Comparative Metric for Information Security. In: IFIP International Conference on Telecommunication Systems, Modeling and Analysis 2005 (ICTSM2005), Dallas, TX
[7] Feja, S., Fötsch, D.: Model Checking with Graphical Validation Rules. In: 15th IEEE International Conference on the Engineering of Computer-Based Systems (ECBS 2008), Belfast, NI, GB, IEEE Computer Society (April 2008)
[8] Best, B., Jürjens, J., Nuseibeh, B.: Model-Based Security Engineering of Distributed Information Systems Using UMLsec. In: ICSE '07: Proceedings of the 29th international conference on Software Engineering, Washington, DC, USA, IEEE Computer Society (2007)
[9] Jürjens, J., Schreck, J., Bartmann, P.: Model-based security analysis for mobile communications. In: ICSE '08: Proceedings of the 30th international conference on Software engineering, New York, NY, USA, ACM (2008)
[10] Herkenhöner, R.: Process Modeling for Privacy-conformant Biobanking: Case Studies on Modeling in UMLsec. In: Proceedings of the 6th International Workshop on Security Information Systems, Portugal, INSTICC Press (2008) 3-12
[11] Nakamura, Y., Tatsubori, M., Imamura, T., Ono, K.: Model-Driven Security Based on a Web Services Security Architecture. In: SCC '05: Proceedings of the 2005 IEEE International Conference on Services Computing. (2005)


More information

Prerequisites for Successful SOA Adoption

Prerequisites for Successful SOA Adoption George Feuerlicht University of Technology, Sydney jiri@it.uts.edu.au 1. INTRODUCTION The adoption of SOA (Service Oriented Architecture) has gained momentum in the past two years, and the predictions

More information

Business Process Configuration with NFRs and Context-Awareness

Business Process Configuration with NFRs and Context-Awareness Business Process Configuration with NFRs and Context-Awareness Emanuel Santos 1, João Pimentel 1, Tarcisio Pereira 1, Karolyne Oliveira 1, and Jaelson Castro 1 Universidade Federal de Pernambuco, Centro

More information

A Service Oriented Security Reference Architecture

A Service Oriented Security Reference Architecture International Journal of Advanced Computer Science and Information Technology (IJACSIT) Vol. 1, No.1, October 2012, Page: 25-31, ISSN: 2296-1739 Helvetic Editions LTD, Switzerland www.elvedit.com A Service

More information

UPROM Tool: A Unified Business Process Modeling Tool for Generating Software Life Cycle Artifacts

UPROM Tool: A Unified Business Process Modeling Tool for Generating Software Life Cycle Artifacts UPROM Tool: A Unified Business Process Modeling Tool for Generating Software Life Cycle Artifacts Banu Aysolmaz 1 and Onur Demirörs 2 1, 2 Informatics Institute, Middle East Technical University, Ankara,

More information

WebSphere Business Modeler

WebSphere Business Modeler Discovering the Value of SOA WebSphere Process Integration WebSphere Business Modeler Workshop SOA on your terms and our expertise Soudabeh Javadi Consulting Technical Sales Support WebSphere Process Integration

More information

UIMA and WebContent: Complementary Frameworks for Building Semantic Web Applications

UIMA and WebContent: Complementary Frameworks for Building Semantic Web Applications UIMA and WebContent: Complementary Frameworks for Building Semantic Web Applications Gaël de Chalendar CEA LIST F-92265 Fontenay aux Roses Gael.de-Chalendar@cea.fr 1 Introduction The main data sources

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

APPLICATION OF KNOWLEDGE MANAGEMENT AND SEMANTIC TECHNOLOGIES IN IT SERVICE MANAGEMENT

APPLICATION OF KNOWLEDGE MANAGEMENT AND SEMANTIC TECHNOLOGIES IN IT SERVICE MANAGEMENT Key words: IT Service Management, ITIL, Semantic technologies, Ontologies Martin SARNOVSKY*, Karol FURDIK**, Martin TOMASEK** APPLICATION OF KNOWLEDGE MANAGEMENT AND SEMANTIC TECHNOLOGIES IN IT SERVICE

More information

Chapter 4 Software Lifecycle and Performance Analysis

Chapter 4 Software Lifecycle and Performance Analysis Chapter 4 Software Lifecycle and Performance Analysis This chapter is aimed at illustrating performance modeling and analysis issues within the software lifecycle. After having introduced software and

More information

D. SERVICE ORIENTED ARCHITECTURE PRINCIPLES

D. SERVICE ORIENTED ARCHITECTURE PRINCIPLES D. SERVICE ORIENTED ARCHITECTURE PRINCIPLES 1. Principles of serviceorientation 2. Service exchange lifecycle 3. Service composition 4. Evolution of SOA 212 D.1 Principles of service-orientation 213 HISTORICAL

More information

Secure Software Architecture Description using UML Jan Jürjens Competence Center for IT Security Software & Systems Engineering TU Munich, Germany

Secure Software Architecture Description using UML Jan Jürjens Competence Center for IT Security Software & Systems Engineering TU Munich, Germany Secure Software Architecture Description using UML Jan Jürjens Competence Center for IT Security Software & Systems Engineering TU Munich, Germany juerjens@in.tum.de http://www.umlsec.org Problems, Causes

More information

Developing a Service Oriented Process Management System for University Quality Assurance

Developing a Service Oriented Process Management System for University Quality Assurance Developing a Service Oriented Process Management System for University Quality Assurance PROF. DR. TAHER TAWFEK HAMZA Dept. of computer science, faculty of computer science and informatics, mansoura university,

More information

Approach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera

Approach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera Approach to Information Security Architecture Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera About TeliaSonera TeliaSonera provides network access and telecommunication services that help

More information

Enterprise Service Bus

Enterprise Service Bus Introduction to Enterprise Service Bus DISTRIBUTED SYSTEMS RESEARCH GROUP http://nenya.ms.mff.cuni.cz CHARLES UNIVERSITY PRAGUE Faculty of Mathematics and Physics What s the problem? o deploy disparate

More information

Challenges and Opportunities for formal specifications in Service Oriented Architectures

Challenges and Opportunities for formal specifications in Service Oriented Architectures ACSD ATPN Xi an China June 2008 Challenges and Opportunities for formal specifications in Service Oriented Architectures Gustavo Alonso Systems Group Department of Computer Science Swiss Federal Institute

More information

Business Process Management and IT Architecture Design. The T case study. Dr. Jana Koehler Olaf Zimmermann IBM Zurich Research Laboratory

Business Process Management and IT Architecture Design. The T case study. Dr. Jana Koehler Olaf Zimmermann IBM Zurich Research Laboratory Business Process Management and IT Architecture Design The T case study Dr. Jana Koehler Olaf Zimmermann IBM Zurich Research Laboratory ZRL BIT at a Glance IBM Zurich Research Lab (ZRL), Rüschlikon/ZH

More information

Embedded System Software Testing Based On SOA For Mobile Service

Embedded System Software Testing Based On SOA For Mobile Service International Journal of Advanced Science and Technology 55 Embedded System Software Testing Based On SOA For Mobile Service Myung-Hee Lee,1, Cheol-Jung Yoo 1, Ok-Bae Jang 1, 1 Computer Science Chonbuk

More information

Developing SOA solutions using IBM SOA Foundation

Developing SOA solutions using IBM SOA Foundation Developing SOA solutions using IBM SOA Foundation Course materials may not be reproduced in whole or in part without the prior written permission of IBM. 4.0.3 4.0.3 Unit objectives After completing this

More information

Service-oriented architectures (SOAs) support

Service-oriented architectures (SOAs) support C o v e r f e a t u r e On Testing and Evaluating Service-Oriented Software WT Tsai, Xinyu Zhou, and Yinong Chen, Arizona State University Xiaoying Bai, Tsinghua University, China As service-oriented architecture

More information

Creation of value added services in NGN with BPEL

Creation of value added services in NGN with BPEL Creation of value added services in NGN with BPEL T.Eichelmann 1, 2, W.Fuhrmann 3, U.Trick 1, B.Ghita 2 1 Research Group for Telecommunication Networks, University of Applied Sciences Frankfurt/M., Frankfurt/M.,

More information

The case for service oriented architecture in realising trusted, interoperable, pan-european egovernment services.

The case for service oriented architecture in realising trusted, interoperable, pan-european egovernment services. The case for service oriented architecture in realising trusted, interoperable, pan-european egovernment services. Stephen McGibbon Microsoft EMEA Tel. +445511490070 Email. stephenm@microsoft.com Abstract:

More information

Nr.: Fakultät für Informatik Otto-von-Guericke-Universität Magdeburg

Nr.: Fakultät für Informatik Otto-von-Guericke-Universität Magdeburg Nr.: Fakultät für Informatik Otto-von-Guericke-Universität Magdeburg Nr.: Fakultät für Informatik Otto-von-Guericke-Universität Magdeburg Impressum ( 5 TMG) Herausgeber: Otto-von-Guericke-Universität Magdeburg

More information

A Variability Viewpoint for Enterprise Software Systems

A Variability Viewpoint for Enterprise Software Systems 2012 Joint Working Conference on Software Architecture & 6th European Conference on Software Architecture A Variability Viewpoint for Enterprise Software Systems Matthias Galster University of Groningen,

More information

An Eclipse plug-in for Public Administration software system modelling and simulation

An Eclipse plug-in for Public Administration software system modelling and simulation An Eclipse plug-in for Public Administration software system modelling and simulation Riccardo Cognini, Damiano Falcioni, Andrea Polini, Alberto Polzonetti, and Barbara Re University of Camerino, School

More information

Evaluating Semantic Web Service Tools using the SEALS platform

Evaluating Semantic Web Service Tools using the SEALS platform Evaluating Semantic Web Service Tools using the SEALS platform Liliana Cabral 1, Ioan Toma 2 1 Knowledge Media Institute, The Open University, Milton Keynes, UK 2 STI Innsbruck, University of Innsbruck,

More information

SOA Success is Not a Matter of Luck

SOA Success is Not a Matter of Luck by Prasad Jayakumar, Technology Lead at Enterprise Solutions, Infosys Technologies Ltd SERVICE TECHNOLOGY MAGAZINE Issue L May 2011 Introduction There is nothing either good or bad, but thinking makes

More information

CT30A8901 Chapter 10 SOA Delivery Strategies

CT30A8901 Chapter 10 SOA Delivery Strategies CT30A8901 Chapter 10 SOA Delivery Strategies Prof. Jari Porras Communications Software Laboratory Contents 10.1 SOA Delivery lifecycle phases 10.2 The top-down strategy 10.3 The bottom-up strategy 10.4

More information

Traceability Method for Software Engineering Documentation

Traceability Method for Software Engineering Documentation www.ijcsi.org 216 Traceability Method for Software Engineering Documentation Nur Adila Azram 1 and Rodziah Atan 2 1 Department of Information System, Universiti Putra Malaysia, Company Serdang, Selangor,

More information

1.1 The Nature of Software... Object-Oriented Software Engineering Practical Software Development using UML and Java. The Nature of Software...

1.1 The Nature of Software... Object-Oriented Software Engineering Practical Software Development using UML and Java. The Nature of Software... 1.1 The Nature of Software... Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 1: Software and Software Engineering Software is intangible Hard to understand

More information

1 What Are Web Services?

1 What Are Web Services? Oracle Fusion Middleware Introducing Web Services 11g Release 1 (11.1.1) E14294-04 January 2011 This document provides an overview of Web services in Oracle Fusion Middleware 11g. Sections include: What

More information

Monitoring of Business Processes in the EGI

Monitoring of Business Processes in the EGI Monitoring of Business Processes in the EGI Radoslava Hristova Faculty of Mathematics and Informatics, University of Sofia St. Kliment Ohridski, 5 James Baucher, 1164 Sofia, Bulgaria radoslava@fmi.uni-sofia.bg

More information

SLA Business Management Based on Key Performance Indicators

SLA Business Management Based on Key Performance Indicators , July 4-6, 2012, London, U.K. SLA Business Management Based on Key Performance Indicators S. Al Aloussi Abstract-It is increasingly important that Service Level Agreements (SLAs) are taken into account

More information

Business Process Standards and Modeling

Business Process Standards and Modeling Business Process Standards and Modeling Janne J. Korhonen Helsinki University of Technology STANDARDS Standards Organizations Object Management Group (www.omg.org) Business Process Modeling Notation (BPMN)

More information

An Open Policy Framework for Cross-vendor Integrated Governance

An Open Policy Framework for Cross-vendor Integrated Governance An Open Policy Framework for Cross-vendor Integrated Governance White Paper Intel SOA Expressway An Open Policy Framework for Cross-vendor Integrated Governance Intel SOA Expressway delivers a pluggable

More information

Business Process Modeling and SOA 9-23-2008 Class Notes

Business Process Modeling and SOA 9-23-2008 Class Notes Business Process Modeling and SOA 9-23-2008 Class Notes SOA Life Cycle (The IBM SOA Foundation) Model o Business analysis and design (requirements, processes, goals, key performance indicator) o IT analysis

More information

Policy Driven Practices for SOA

Policy Driven Practices for SOA Independent Insight for Oriented Practice Policy Driven Practices for SOA Lawrence Wilkes CBDI Forum www.cbdiforum.com Agenda! Enterprise SOA Challenge! SOA Policy Areas! Layered Architecture as a basis

More information

Building the European Biodiversity. Observation Network (EU BON)

Building the European Biodiversity. Observation Network (EU BON) Enterprise Application Integration Building the European Biodiversity through Service-Oriented Architecture Observation Network (EU BON) EU BON Project Building the European Biodiversity Network Presentation

More information

Reengineering Open Source CMS using Service-Orientation: The Case of Joomla

Reengineering Open Source CMS using Service-Orientation: The Case of Joomla Reengineering Open Source CMS using Service-Orientation: The Case of Joomla Tagel Gutema tagelgutema@gmail.com Dagmawi Lemma Department of Computer Science, Addis Ababa University, Ethiopia dagmawil@yahoo.com

More information

Patterns for Secure Boot and Secure Storage in Computer Systems

Patterns for Secure Boot and Secure Storage in Computer Systems Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de

More information

IBM Rational systems and software solutions for the medical device industry

IBM Rational systems and software solutions for the medical device industry IBM Software August 2011 IBM Rational systems and software solutions for the medical device industry Improve processes, manage IEC 61508 and IEC 62304 standards, develop quality products Highlights Manage

More information

Identity as a Service Towards a Service-Oriented Identity Management Architecture

Identity as a Service Towards a Service-Oriented Identity Management Architecture Identity as a Service Towards a Service-Oriented Identity Management Architecture Christian Emig, Frank Brandt, Sebastian Kreuzer, and Sebastian Abeck Cooperation & Management, Universität Karlsruhe (TH),

More information

Model-based Security Analysis for Mobile Communications

Model-based Security Analysis for Mobile Communications Model-based Security Analysis for Mobile Communications An Industrial Application of UMLsec Jan Jürjens The Open University, UK J.Jurjens@open.ac.uk Jörg Schreck O 2 (Germany) Joerg.Schreck@acm.org Peter

More information

Business Rule Standards -- Interoperability and Portability

Business Rule Standards -- Interoperability and Portability Rule Standards -- Interoperability and Portability April 2005 Mark H. Linehan Senior Technical Staff Member IBM Software Group Emerging Technology mlinehan@us.ibm.com Donald F. Ferguson IBM Fellow Software

More information

Rules and Business Rules

Rules and Business Rules OCEB White Paper on Business Rules, Decisions, and PRR Version 1.1, December 2008 Paul Vincent, co-chair OMG PRR FTF TIBCO Software Abstract The Object Management Group s work on standards for business

More information

Advancing Your Business Analysis Career Intermediate and Senior Role Descriptions

Advancing Your Business Analysis Career Intermediate and Senior Role Descriptions Advancing Your Business Analysis Career Intermediate and Senior Role Descriptions The role names listed in the Career Road Map from International Institute of Business Analysis (IIBA) are not job titles

More information

Models Supporting Development of Complex Information Systems in Healthcare. Case study: an Obstetrics-Gynecology Department

Models Supporting Development of Complex Information Systems in Healthcare. Case study: an Obstetrics-Gynecology Department en18 Original Article Models Supporting Development of Complex Information Systems in Healthcare. Case study: an Obstetrics-Gynecology Department Mihaela Crisan-Vida 1, Lăcrămioara Stoicu-Tivadar 1, Oana

More information

Service Level Agreements based on Business Process Modeling

Service Level Agreements based on Business Process Modeling Service Level Agreements based on Business Process Modeling Holger Schmidt Munich Network Management Team University of Munich, Dept. of CS Oettingenstr. 67, 80538 Munich, Germany Email: schmidt@informatik.uni-muenchen.de

More information

Continual Verification of Non-Functional Properties in Cloud-Based Systems

Continual Verification of Non-Functional Properties in Cloud-Based Systems Continual Verification of Non-Functional Properties in Cloud-Based Systems Invited Paper Radu Calinescu, Kenneth Johnson, Yasmin Rafiq, Simos Gerasimou, Gabriel Costa Silva and Stanimir N. Pehlivanov Department

More information

Towards a Comprehensive Design-time Compliance Management: A Roadmap

Towards a Comprehensive Design-time Compliance Management: A Roadmap Towards a Comprehensive Design-time Management: A Roadmap Amal Elgammal, Ph.D. Candidate, Tilburg, The Netherlands, a.f.s.a.elgammal@uvt.nl Oktay Turetken, Post-doc Researcher, Tilburg, The Netherlands,

More information

Model-Based Design Environment for Clinical Information Systems

Model-Based Design Environment for Clinical Information Systems Model-Based Design Environment for Clinical Information Systems Janos Mathe, Sean Duncavage, Jan Werner, Akos Ledeczi, Bradley Malin, Janos Sztipanovits Vanderbilt University TRUST Review, October 11,

More information

Multi-Level Secure Architecture for Distributed Integrated Web Services

Multi-Level Secure Architecture for Distributed Integrated Web Services Multi-Level Secure Architecture for Distributed Integrated Web s J.G.R.Sathiaseelan Bishop Heber College (Autonomous) Tiruchirappalli 620 017, India jgrsathiaseelan@gmail.com S.Albert Rabara St Joseph

More information

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.

More information